Vulnerabilities > CVE-2016-1972 - Unspecified vulnerability in Mozilla Firefox

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
mozilla
nessus

Summary

Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Mozilla
424
OS
Microsoft
1

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_45.NASL
    descriptionThe version of Firefox installed on the remote Mac OS X host is prior to 45. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
    last seen2020-06-01
    modified2020-06-02
    plugin id89873
    published2016-03-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89873
    titleFirefox < 45 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89873);
      script_version("1.11");
      script_cvs_date("Date: 2019/11/20");
    
      script_cve_id(
        "CVE-2016-1950",
        "CVE-2016-1952",
        "CVE-2016-1953",
        "CVE-2016-1954",
        "CVE-2016-1955",
        "CVE-2016-1956",
        "CVE-2016-1957",
        "CVE-2016-1958",
        "CVE-2016-1959",
        "CVE-2016-1960",
        "CVE-2016-1961",
        "CVE-2016-1962",
        "CVE-2016-1963",
        "CVE-2016-1964",
        "CVE-2016-1965",
        "CVE-2016-1966",
        "CVE-2016-1967",
        "CVE-2016-1968",
        "CVE-2016-1969",
        "CVE-2016-1970",
        "CVE-2016-1971",
        "CVE-2016-1972",
        "CVE-2016-1973",
        "CVE-2016-1974",
        "CVE-2016-1975",
        "CVE-2016-1976",
        "CVE-2016-1977",
        "CVE-2016-1979",
        "CVE-2016-2790",
        "CVE-2016-2791",
        "CVE-2016-2792",
        "CVE-2016-2793",
        "CVE-2016-2794",
        "CVE-2016-2795",
        "CVE-2016-2796",
        "CVE-2016-2797",
        "CVE-2016-2798",
        "CVE-2016-2799",
        "CVE-2016-2800",
        "CVE-2016-2801",
        "CVE-2016-2802"
      );
      script_xref(name:"MFSA", value:"2016-16");
      script_xref(name:"MFSA", value:"2016-17");
      script_xref(name:"MFSA", value:"2016-18");
      script_xref(name:"MFSA", value:"2016-19");
      script_xref(name:"MFSA", value:"2016-20");
      script_xref(name:"MFSA", value:"2016-21");
      script_xref(name:"MFSA", value:"2016-22");
      script_xref(name:"MFSA", value:"2016-23");
      script_xref(name:"MFSA", value:"2016-24");
      script_xref(name:"MFSA", value:"2016-25");
      script_xref(name:"MFSA", value:"2016-26");
      script_xref(name:"MFSA", value:"2016-27");
      script_xref(name:"MFSA", value:"2016-28");
      script_xref(name:"MFSA", value:"2016-29");
      script_xref(name:"MFSA", value:"2016-30");
      script_xref(name:"MFSA", value:"2016-31");
      script_xref(name:"MFSA", value:"2016-32");
      script_xref(name:"MFSA", value:"2016-33");
      script_xref(name:"MFSA", value:"2016-34");
      script_xref(name:"MFSA", value:"2016-35");
      script_xref(name:"MFSA", value:"2016-36");
      script_xref(name:"MFSA", value:"2016-37");
      script_xref(name:"MFSA", value:"2016-38");
    
      script_name(english:"Firefox < 45 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks the version of Firefox.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Firefox installed on the remote Mac OS X host is prior
    to 45. It is, therefore, affected by multiple vulnerabilities, the
    majority of which are remote code execution vulnerabilities. An
    unauthenticated, remote attacker can exploit these issues by
    convincing a user to visit a specially crafted website, resulting in
    the execution of arbitrary code in the context of the current user.");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-32/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox version 45 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1962");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/11");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_firefox_installed.nasl");
      script_require_keys("MacOSX/Firefox/Installed");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    
    kb_base = "MacOSX/Firefox";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');
    
    mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'45', severity:SECURITY_HOLE);
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-334.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : MozillaFirefox was updated to Firefox 45.0 (boo#969894) - requires NSPR 4.12 / NSS 3.21.1 - Instant browser tab sharing through Hello - Synced Tabs button in button bar - Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching - Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level - Tab Groups (Panorama) feature removed - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards - MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages - MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers - MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden - MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager - MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels - MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader - MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation using perfomance.getEntries and history navigation with session restore - MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli decompression - MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin - MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found through code inspection - MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in GetStaticInstance in WebRTC - MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library mozilla-nspr was updated to version 4.12 - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes mozilla-nss was updated to NSS 3.21.1 (bmo#969894) - required for Firefox 45.0 - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1)
    last seen2020-06-05
    modified2016-03-14
    plugin id89915
    published2016-03-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89915
    titleopenSUSE Security Update : Firefox (openSUSE-2016-334)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_45.NASL
    descriptionThe version of Firefox installed on the remote Windows host is prior to 45. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
    last seen2020-06-01
    modified2020-06-02
    plugin id89875
    published2016-03-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89875
    titleFirefox < 45 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201605-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201605-06 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id91379
    published2016-05-31
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91379
    titleGLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_2225C5B41E5A44FC9920B3201C384A15.NASL
    descriptionMozilla Foundation reports : MFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages MFSA 2016-19 Linux video memory DOS with Intel drivers MFSA 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing MFSA 2016-21 Displayed page address can be overridden MFSA 2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager MFSA 2016-23 Use-after-free in HTML5 string parser MFSA 2016-24 Use-after-free in SetBody MFSA 2016-25 Use-after-free when using multiple WebRTC data channels MFSA 2016-26 Memory corruption when modifying a file being read by FileReader MFSA 2016-27 Use-after-free during XML transformations MFSA 2016-28 Addressbar spoofing though history navigation and Location protocol property MFSA 2016-29 Same-origin policy violation using perfomance.getEntries and history navigation with session restore MFSA 2016-31 Memory corruption with malicious NPAPI plugin MFSA 2016-32 WebRTC and LibVPX vulnerabilities found through code inspection MFSA 2016-33 Use-after-free in GetStaticInstance in WebRTC MFSA 2016-34 Out-of-bounds read in HTML parser following a failed allocation
    last seen2020-06-01
    modified2020-06-02
    plugin id89765
    published2016-03-09
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89765
    titleFreeBSD : mozilla -- multiple vulnerabilities (2225c5b4-1e5a-44fc-9920-b3201c384a15)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-332.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : MozillaFirefox was updated to Firefox 45.0 (boo#969894) - requires NSPR 4.12 / NSS 3.21.1 - Instant browser tab sharing through Hello - Synced Tabs button in button bar - Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching - Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level - Tab Groups (Panorama) feature removed - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards - MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages - MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers - MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden - MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager - MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels - MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader - MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation using perfomance.getEntries and history navigation with session restore - MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli decompression - MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin - MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found through code inspection - MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in GetStaticInstance in WebRTC - MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library mozilla-nspr was updated to version 4.12 - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes mozilla-nss was updated to NSS 3.21.1 (bmo#969894) - required for Firefox 45.0 - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1)
    last seen2020-06-05
    modified2016-03-14
    plugin id89913
    published2016-03-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89913
    titleopenSUSE Security Update : MozillaFirefox / mozilla-nspr / mozilla-nss (openSUSE-2016-332)